Prevent secrets from being committed to the repo
Problem to solve
Currently GitLab prevents pushing secrets to a repository by matching known file names and preventing them form being committed. However, authors will often times include secrets in files that do not match these patterns and have secrets leaked from their public project..
Projects like sshgit find committed secrets and sensitive files across GitHub, Gists, GitLab and BitBucket or your local repositories in real time. From it, we can see that Google and AWS keys are among the most leaked.
GitHub currently does secret scanning whereby commit contents are scanned and matching keys are sent to the vendor and then decommissioned.
For an MVC, a boring solution would be to obtain known regexes from top vendors and match them at commit-time. It has some performance and resource considerations though.